Points:25Description:Found a way to abuse old unused code to login as any user with just his passhash and userid. Proof of concept gave him to get full administrator access on the site.

# 2

Points:100Description:A major SQL injection was found in the IRC stats page!

# 3

Points:100Description:StenoPlasma found a SQL injection in the search feature of the rankings page which potentially allowed him to read arbitrary data from the database.

# 4

Points:500Description:StenoPlasma found a vulnerability in the source viewing script which allowed him to view any file on the server. He also found the same flaw in another script shortly after.

# 5

Points:50Description:Nines9 and StenoPlasma found a CSRF vulnerability in the Forum BBCode that allowed them to make themselves site administrators, log out users, flag comments, accept and delete IRC linked Nicknames, etc.